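---
# hashistack generate credentials playbook
#
# Generates the Consul/Nomad gossip keys and ACL tokens for a fresh
# deployment and renders them into the credentials vars file under the
# secrets sub-directory.  Every value produced here is a secret, so the
# generating blocks run with `no_log: true` (keeps tokens out of -v
# output and the registered shell result) and the secrets directory and
# credentials file are created owner-only (0700 / 0600) instead of the
# previous world-readable 0755 / 0644.
- name: "Generate credentials"
  hosts: deployment
  strategy: linear
  gather_facts: true
  become: true
  tasks:
    - name: "Generate consul credentials"
      # Secret material: suppress task output for the whole block.
      no_log: true
      block:
        - name: "Generate consul gossip encryption key"
          block:
            # Gossip keys are raw random bytes, so they come from
            # /dev/urandom rather than the password lookup used for tokens.
            - name: "Generate 24 random bytes and base64 encode"
              ansible.builtin.shell:
                cmd: |
                  set -o pipefail
                  dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64
                executable: /bin/bash
              # Read-only generation; never report "changed".
              changed_when: false
              register: _consul_random_base64_string

            - name: "Generate consul gossip encryption key"
              ansible.builtin.set_fact:
                _consul_gossip_encryption_key: "{{ _consul_random_base64_string.stdout }}"

        # ACL tokens: a random alphanumeric string from the password lookup
        # (path /dev/null so nothing is persisted) reshaped into a UUID by
        # to_uuid, which is the token format Consul expects.
        - name: "Generate consul root credentials"
          ansible.builtin.set_fact:
            _consul_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul agents credentials"
          ansible.builtin.set_fact:
            _consul_agents_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_agents_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul vault credentials"
          ansible.builtin.set_fact:
            _consul_vault_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_vault_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul nomad server credentials"
          ansible.builtin.set_fact:
            _consul_nomad_server_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_nomad_server_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

        - name: "Generate consul nomad client credentials"
          ansible.builtin.set_fact:
            _consul_nomad_client_accessor: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"
            _consul_nomad_client_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

    - name: "Generate nomad credentials"
      # Secret material: suppress task output for the whole block.
      no_log: true
      block:
        - name: "Generate nomad gossip encryption key"
          block:
            - name: "Generate 24 random bytes and base64 encode"
              ansible.builtin.shell:
                cmd: |
                  set -o pipefail
                  dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64
                executable: /bin/bash
              changed_when: false
              register: _nomad_random_base64_string

            - name: "Generate nomad gossip encryption key"
              ansible.builtin.set_fact:
                _nomad_gossip_encryption_key: "{{ _nomad_random_base64_string.stdout }}"

        - name: "Generate nomad root credentials"
          ansible.builtin.set_fact:
            _nomad_root_token: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_letters','digits']) | to_uuid }}"

    # Owner/group come from the controller's USER env var, i.e. the account
    # running the playbook; only that account needs to read the secrets.
    - name: "Ensure secrets directory is created"
      ansible.builtin.file:
        path: "{{ hashistack_sub_configuration_directories['secrets'] }}"
        state: directory
        owner: "{{ lookup('env', 'USER') }}"
        group: "{{ lookup('env', 'USER') }}"
        # Owner-only: the directory holds root tokens and gossip keys.
        mode: '0700'

    - name: "Write credentials file"
      ansible.builtin.template:
        src: templates/credentials.yml.j2
        dest: "{{ hashistack_sub_configuration_directories['secrets'] }}/{{ hashistack_configuration_credentials_vars_file }}"
        owner: "{{ lookup('env', 'USER') }}"
        group: "{{ lookup('env', 'USER') }}"
        # Owner-only: 0644 left every token readable by any local user.
        mode: '0600'
      # The rendered content is all secrets; keep it out of --diff output too.
      no_log: true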